5 files changed, 5 insertions, 74 deletions

diff --git a/doc/src/sgml/config.sgml b/doc/src/sgml/config.sgml
index 091a79d4f3..f81c2045ec 100644
--- a/doc/src/sgml/config.sgml
+++ b/doc/src/sgml/config.sgml
@@ -1190,23 +1190,6 @@ include_dir 'conf.d'
       </listitem>
      </varlistentry>
 
-     <varlistentry id="guc-gss-accept-deleg" xreflabel="gss_accept_deleg">
-      <term><varname>gss_accept_deleg</varname> (<type>boolean</type>)
-      <indexterm>
-       <primary><varname>gss_accept_deleg</varname> configuration parameter</primary>
-      </indexterm>
-      </term>
-      <listitem>
-       <para>
-        Sets whether GSSAPI delegation should be accepted from the client.
-        The default is <literal>off</literal> meaning credentials from the client will
-        NOT be accepted.  Changing this to <literal>on</literal> will make the server
-        accept credentials delegated to it from the client. This parameter can only be
-        set in the <filename>postgresql.conf</filename> file or on the server command line.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry id="guc-db-user-namespace" xreflabel="db_user_namespace">
       <term><varname>db_user_namespace</varname> (<type>boolean</type>)
       <indexterm>
diff --git a/doc/src/sgml/dblink.sgml b/doc/src/sgml/dblink.sgml
index 7d25f24f49..17f9d99b1c 100644
--- a/doc/src/sgml/dblink.sgml
+++ b/doc/src/sgml/dblink.sgml
@@ -117,9 +117,8 @@ dblink_connect(text connname, text connstr) returns text
 
    <para>
     Only superusers may use <function>dblink_connect</function> to create
-    non-password-authenticated and non-GSSAPI-authenticated connections.
-    If non-superusers need this capability, use
-    <function>dblink_connect_u</function> instead.
+    non-password-authenticated connections.  If non-superusers need this
+    capability, use <function>dblink_connect_u</function> instead.
    </para>
 
    <para>
diff --git a/doc/src/sgml/libpq.sgml b/doc/src/sgml/libpq.sgml
index b8702284d0..faa8aa3187 100644
--- a/doc/src/sgml/libpq.sgml
+++ b/doc/src/sgml/libpq.sgml
@@ -2054,18 +2054,6 @@ postgresql://%2Fvar%2Flib%2Fpostgresql/dbname
       </listitem>
      </varlistentry>
 
-     <varlistentry id="libpq-connect-gssdeleg" xreflabel="gssdeleg">
-      <term><literal>gssdeleg</literal></term>
-      <listitem>
-       <para>
-        Forward (delegate) GSS credentials to the server.  The default is
-        <literal>disable</literal> which means credentials will not be forwarded
-        to the server.  Set this to <literal>enable</literal> to have
-        credentials forwarded when possible.
-       </para>
-      </listitem>
-     </varlistentry>
-
      <varlistentry id="libpq-connect-service" xreflabel="service">
       <term><literal>service</literal></term>
       <listitem>
@@ -2727,25 +2715,6 @@ int PQconnectionUsedPassword(const PGconn *conn);
       </para>
      </listitem>
     </varlistentry>
-
-    <varlistentry id="libpq-PQconnectionUsedGSSAPI">
-     <term><function>PQconnectionUsedGSSAPI</function><indexterm><primary>PQconnectionUsedGSSAPI</primary></indexterm></term>
-     <listitem>
-      <para>
-       Returns true (1) if the connection authentication method
-       used GSSAPI. Returns false (0) if not.
-
-<synopsis>
-int PQconnectionUsedGSSAPI(const PGconn *conn);
-</synopsis>
-      </para>
-
-      <para>
-       This function can be applied to detect whether the connection was
-       authenticated with GSSAPI.
-      </para>
-     </listitem>
-    </varlistentry>
    </variablelist>
   </para>
 
@@ -8271,16 +8240,6 @@ myEventProc(PGEventId evtId, void *evtInfo, void *passThrough)
     <listitem>
      <para>
       <indexterm>
-       <primary><envar>PGGSSDELEG</envar></primary>
-      </indexterm>
-      <envar>PGGSSDELEG</envar> behaves the same as the <xref
-      linkend="libpq-connect-gssdeleg"/> connection parameter.
-     </para>
-    </listitem>
-
-    <listitem>
-     <para>
-      <indexterm>
        <primary><envar>PGCONNECT_TIMEOUT</envar></primary>
       </indexterm>
       <envar>PGCONNECT_TIMEOUT</envar>  behaves the same as the <xref
diff --git a/doc/src/sgml/monitoring.sgml b/doc/src/sgml/monitoring.sgml
index e8ab803267..3f33a1c56c 100644
--- a/doc/src/sgml/monitoring.sgml
+++ b/doc/src/sgml/monitoring.sgml
@@ -3573,15 +3573,6 @@ SELECT pid, wait_event_type, wait_event FROM pg_stat_activity WHERE wait_event i
        True if GSSAPI encryption is in use on this connection
       </para></entry>
      </row>
-
-     <row>
-      <entry role="catalog_table_entry"><para role="column_definition">
-       <structfield>credentials_delegated</structfield> <type>boolean</type>
-      </para>
-      <para>
-       True if GSSAPI credentials were delegated on this connection.
-      </para></entry>
-     </row>
     </tbody>
    </tgroup>
   </table>
diff --git a/doc/src/sgml/postgres-fdw.sgml b/doc/src/sgml/postgres-fdw.sgml
index 281966f16f..9e66987cf7 100644
--- a/doc/src/sgml/postgres-fdw.sgml
+++ b/doc/src/sgml/postgres-fdw.sgml
@@ -169,10 +169,9 @@
     <literal>sslcert</literal> or <literal>sslkey</literal> settings.
    </para>
    <para>
-    Non-superusers may connect to foreign servers using password
-    authentication or with GSSAPI delegated credentials, so specify the
-    <literal>password</literal> option for user mappings belonging to
-    non-superusers where password authentication is required.
+    Only superusers may connect to foreign servers without password
+    authentication, so always specify the <literal>password</literal> option
+    for user mappings belonging to non-superusers.
    </para>
    <para>
     A superuser may override this check on a per-user-mapping basis by setting